Program Loading Hooks

The linux_binprm structure represents a new program being loaded
during an execve(2). LSM provides a set of program loading hooks,
binprm_security_ops, to manage the process of loading new programs.
Many security models, including Linux capabilities, require the ability
to change privileges when a new program is executed. Consequently,
these LSM hooks are called at critical points during program loading
to verify a task's ability to load a new program and update the task's
security field.

LSM adds a security field to the linux_binprm structure.
At the beginning of an execve(2) after the new program file is
opened, the alloc_security() program loading hook is called to
allocate the security field. The set_security() hook is used
to save security information in the linux_binprm security field.
This hook may be called multiple times during a single execve(2)
to accommodate interpreters. Either of these program loading hooks
can be used to deny program execution.

In the final stages of program loading, the compute_creds()
program loading hook is called to set the new security attributes of a
task being transformed by execve(2). Typically, this hook will
calculate the task's new credentials based on both its old credentials and
the security information stored in the linux_binprm security
field. Once the new program is loaded, the kernel releases the
linux_binprm security field by calling the free_security()
program loading hook.